Accessing PHI? What you should know about FairWarning. Patient Privacy Monitoring System

Similar documents
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc HIPAA Hotline

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy & Security Training for Clinicians

PHI- Protected Health Information

Annual Compliance Training. HITECH/HIPAA Refresher

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N

Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules

Awareness Training for VIM Volunteers and Staff

HIPAA and Health Information Privacy and Security

Health Insurance Portability and Accountability Act (HIPAA)

View the Replay on YouTube. Sustainable HIPAA Compliance: Enhancing Your Epic Reporting. FairWarning Executive Webinar Series October 17, 2013

8.03 Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Education Level One For Volunteers & Observers

HIPAA Privacy for Caregivers

HIPAA: Privacy/Info Security

HIPAA. For General Workforce. What you need to know. HIPAA Training Presentation for Management Workforce

Patient Privacy and HIPAA/HITECH

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

Protecting Patient Privacy It s Everyone s Responsibility

HIPAA POLICY PROCEDURE GUIDE

HIPAA and Privacy Policy Training

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents

Department of Health and Human Services Policy ADMN 004, Attachment A

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

The Basics of HIPAA Privacy and Security and HITECH

Privacy Compliance Health Occupations Students

MEDICAL OFFICE ASSISTANTS PCM Training

PRIVACY AND SECURITY SURVIVAL TRAINING

Statement of Policy. Reason for Policy

HIPAA Patient Privacy Training

SCDA and SCDA Member Benefits Group

HIPAA Training for the MDAA Preceptorship Program. Health Insurance Portability and Accountability Act

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Compliance for Students

HIPAA Compliance Annual Mandatory Education

2014 Core Training 1

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

SUMMARY OF Proactive Monitoring Procedures

Let s Talk About Privacy

HIPAA 101: Privacy and Security Basics

Building a Culture of Health Care Privacy Compliance

Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy

HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns

HIPAA Training for Hospice Staff and Volunteers

HIPAA Privacy Rule Policies

HIPAA PRIVACY SELF-STUDY MATERIALS

Chapter 15 The Electronic Medical Record

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

Derry Medical Center Patient Portal Information Page

HIPAA and You The Basics

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

Privacy Policy Version 1.0, 1 st of May 2016

NOTICE OF PRIVACY PRACTICES

Guidance and Instructions on Configuring Access and Auditing. NYC Dept. of Health and Mental Hygiene. Primary Care Information Project

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

Keweenaw Holistic Family Medicine Patient Registration Form

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY?

Compliance Training for Medicare Programs Version 1.0 2/22/2013

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA PRIVACY OVERVIEW

HIPAA Security Training Manual

Clinician s Guide to HIPAA Privacy. I. Introduction What is HIPAA? Health Information Privacy Protected Health Information

Transcription:

Accessing PHI? What you should know about FairWarning Patient Privacy Monitoring System Office of HIPAA Privacy & Security 2014

Overview What is PHI? What is FairWarning? Why do we audit? Audit examples What is the process? Defining a business or clinical need. Accessing PHI appropriately How do I access medical records? Best Practices Resources

What is Protected Health Information (PHI)? PHI is the information protected under the HIPAA regulation. PHI is: Identifiable healthcare information related to the past, present, or future physical or mental condition of a person. Examples of PHI include: Any identifying information such as: Name Social Security Number Drivers License number Health insurance ID number Date of birth Full face photo In combination with: Treatment Lab results Diagnosis Medications Billing details Clinical trial data etc. (the individual s healthcare-related information) The full definition of PHI is available on the OHPS website at: http://www.privacyoffice.med.miami.edu/awareness/tips/what-is-phi

What is FairWarning? FairWarning is software that facilitates the automated monitoring of access to various IT systems that house PHI (i.e.uchart, Meditech, etc.).

Why Do We Audit Review of user access logs are required by HIPAA to protect the privacy of patient information and to detect any unauthorized access, use or disclosure. FairWarning automates the audits and identifies potentially inappropriate access behavior. Conducting access audits is a way to monitor the access of our employees to the systems housing PHI. OHPS conducts access audits both proactively as well as in response to complaints. This software increases the ability to proactively monitor our systems.

Audit Examples The following are examples of audits: Users accessing medical records of family members Users accessing medical records of co-workers Users accessing medical records of VIPs Users accessing medical records of neighbors Users accessing or printing abnormally large numbers of records over a period of time The following are examples of information being reviewed: User Name Module/Function Patient Name Time and Date of Access Activity Performed

What is the Process? The system generates an alert. The alert will be reviewed. Additional follow-up may be necessary to determine if the access was actually inappropriate (for a NON business or clinical purpose) If an access appears to have been inappropriate (i.e., no apparent business or clinical reason), then further investigation may include the following: MEMO: A memo may be sent to your supervisor requesting validation of the purpose of the access to a particular patient account/information INTERVIEW: Human resources/faculty Affairs in conjunction with the Office of HIPAA Privacy and Security, may conduct an interview with the employee to obtain additional information. SANCTION: If warranted, disciplinary guidelines will be followed based on the level of violation (see Disciplinary Guidelines for HIPAA Issues)

What is meant by a business or clinical need?" Apply this analytical test..to determine.. Ask yourself the following questions: 1. Is access to this record or this information required by my job? 2. Is this access necessary for Treatment, Payment or Health Care Operations? If unsure, ask your supervisor.

If Your Job Requires You To. Update a patient s demographic information Follow up on a claim submission or statement Document a patient s vital signs or medication Change the patient s insurance information Append an operative note to a claim that has already been submitted -If the answer is YES Then YES.Access is required or permitted for work-related purposes (i.e. a business or clinical need).

What About Accessing PHI for Personal Use? Your co-worker s had a procedure and you wanted to know the details. Your co-worker s birthday is coming up but you can t remember the exact date and want to send out a card. You need the new address of your ex-spouse to give to your attorney. You heard that Mr. Celebrity from your favorite show was seen at UHealth. You wonder what he came in for. Your aunt has an appointment and you want to know the doctor she is seeing and the reason. You are curious to see if your sister s surgery charge got resubmitted. Access is NOT permitted for such purposes.

If you are unsure of the answer to any question ASK your supervisor before you access the information.

Inappropriate Access is NOT permissible & will be investigated.

How do I obtain Access to my OWN medical record or those of my family members? If you need access to your medical information: Access your information or your child s information (Proxy access) through MYUHealthChart (contact the UChart Help Desk askmyuhealthchart@med.miami.edu). Contact the Health Information Integrity (Medical Records) office of the department or facility and complete the request for access form to obtain your records. If you need access to your adult family member s information: Family members need to authorize your access to their health information. This requires completion of the Attachment 46, Third Party Authorization form. Access your information or your child s information (Proxy access) through MYUHealthChart (contact the UChart Help Desk askmyuhealthchart@med.miami.edu).

Best Practices. 1. Do not mistake the EMR for a telephone directory. 2. Because you can does not mean you should. 3. NEVER share your passwords or allow someone to use your access. 4. If you access a record or screen by mistake, exit out immediately, and continue with your work. 5. Log out of your computer or lock your desktop when you leave your workstation. 6. Do not let the fear of an audit hinder your job performance. 8. If in doubt ASK your supervisor!

Resources Your supervisor or department administrator Office of HIPAA Privacy & Security (OHPS) Email: privacy@med.miami.edu Phone: 305-243-5000 Always Remember to Ask yourself 1. Is access to this record or this information required by my job? 2. Is this access necessary for Treatment, Payment or Health Care Operations?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information